Heiko

Various OpenPGP-related activities (mostly in Rust):

"OpenPGP for application developers" (openpgp.dev)

SOP with rPGP (crates.io/crates/rsop)
Contributor to rPGP (mastodon.social/@rpgp)

OpenPGP card (HSM) projects:
* "oct" CLI tool (crates.io/crates/openpgp-card-)
* Git signing (crates.io/crates/openpgp-card-)
* SSH Agent (crates.io/crates/openpgp-card-)

Decentralized OpenPGP certifications (openpgp-ca.org)

Heiko boosted:
2025-06-14

The more I think about those, the more I want #PGP Web of Trust for everything: cryptographically autographed content where I decide the degree of trust for the author.

It failed for a reason, but still better than #WorldCoin

aphyr.com/posts/388-the-future

Heiko boosted:
Michał "rysiek" Woźniak 🇺🇦 · rysiek@mstdn.social
2025-06-12

Remarkable investigation into Telegram by IStories (in Russian):
istories.media/stories/2025/06

English version by OCCRP:
occrp.org/en/investigation/tel

tl;dr:

👉 Telegram uses a single company with ties to the Russian FSB as their sole infrastructure provider, globally.

👉 Combined with a cleartext device identifier Telegram's protocol requires to be prepended to all encrypted messages, this allows for global surveillance of Telegram users.

I am quoted in this story.

#Telegram #InfoSec #Privacy

2025-06-07

@andrewg why are you speaking so ill of lightsabers?

Heiko boosted:
2025-06-06

#deltatauri is ready for testing.

support.delta.chat/t/help-test

DeltaTauri is basically #deltachat_desktop, but using #tauri instead of electron.
Full Blogpost will follow soon.

2025-05-29

I just released version 0.1.2 of rsop-oct, a stateless #OpenPGP ("SOP") CLI tool for use with OpenPGP card hardware devices:

crates.io/crates/rsop-oct/

Like its sibling project #rsop, rsop-oct is based on @rpgp

This update makes integration with crates.io/crates/openpgp-card- optional.

rsop-oct can now implicitly use persisted PINs via openpgp-card-state, or explicitly provided ones via the standard SOP CLI parameter '--with-key-password'.

For more on #SOP, see datatracker.ietf.org/doc/draft

#PGP #GnuPG

2025-05-29

I just released version 0.7.0 of #rsop, a stateless #OpenPGP ("SOP") CLI tool based on @rpgp:

crates.io/crates/rsop/

This version uses the new rPGP 0.16.0, with streaming message support.
It also comes with a number of bugfixes.

For more on #SOP, see datatracker.ietf.org/doc/draft

#PGP #GnuPG

Heiko boosted:
2025-05-29

our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with

- streaming decryption and encryption

- post-quantum-cryptography

- API streamlining.

#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (e.g. using the same ed25519 keys implementation as #signal) github.com/rpgp/rpgp/

Heiko boosted:
rPGP · rpgp
2025-05-29

New release: version 0.16.0 🧰🔐✨

github.com/rpgp/rpgp/releases/

implemented in pure Rust, permissively licensed

This release features streaming message support: Now rPGP can process arbitrarily large messages, with modest memory requirements.

It adds experimental support for the upcoming OpenPGP IETF standard datatracker.ietf.org/doc/html/

This release also brings various improvements for key generation, support for X448/Ed448, and many minor fixes.

2025-05-27

@pkal Turns out, since 2014: icannwiki.org/.foo ... but I also think it's a very silly and weird tld.

Still, it has the upsides of not being ridiculously priced, kind of cute, and still having lots of free names.

2025-05-27

@baloo Ah, and of course it also needs "vsmartcard-vpcd" ... that's a bit annoying, and would probably be an ugly hack to get into a centos image. But ... should be doable, if one doesn't mind a small mess.

2025-05-27

@baloo As I recall it, the applet just needs some ancient java runtime. Sounds like a match made in heaven with RHEL!

2025-05-27

@baloo you could check out github.com/arekinath/PivApplet

I've used that in CI while playing with PIV-for-OpenPGP some time ago (codeberg.org/heiko/openpgp-piv), and its README says it supports the attestation extension (I've not tried using that, though).

For reference, I've made myself a container with the applet in gitlab.com/hkos/virtual-piv/

2025-05-27

@baloo Ouch 😬

Heiko boosted:
Jan Lehnardt · janl@narrativ.es
2025-05-26

A small one of the myriad reasons I care is personal: every time you use spicy autocomplete to do any coding, it has been trained on source code that I have made available under specific licenses, and your use of my code does not happen under the terms of these licenses. So you’re stealing from me and my friends and that’s not a great start to the conversation of validating your greed ✌️

Heiko boosted:
Jan Lehnardt · janl@narrativ.es
2025-05-26

I’m officially done with takes on AI beginning “Ethical concerns aside…”.

No! Stop right there.

Ethical concerns front and center. First thing. Let's get this out of the way and then see if there is anything left worth talking about.

Ethics is the formalisation of how we are treating one another as human beings and how we relate to the world around us.

It is *impossible* to put ethics aside.

What you mean is “I don’t want to apologise for my greed and selfishness.”

Say that first.

2025-05-24

@rtn the page is trying to start by outlining a high level task of "let's encrypt something" - and then descends into more detail, including that we'll need key material.

I'm sure there's room for improvement for the structure, and I'm happy to read reactions :)

2025-05-23

@rtn Yay! Have fun!

I'm very interested in writing more material for openpgp.foo over the coming weeks - that site is only getting started, and I'm enjoying writing this kind of relatively informal material, right now.

Definitely let me know if you have more thoughts about what you'd like to read more about, that's missing (or just hard to find)!

2025-05-23

@rtn But I guess a more expanded version of that single sentence could become another little blog article 🤔

2025-05-23

@rtn I didn't want to take up too much cognitive space with that enumeration. Just offer some sense of the mechanisms in RFC 9580, for readers who know these algorithm names.
